Food for thought - GDPR

Food for thought - GDPR

We only have six months left until the GDPR (General Data Protection Regulation) comes into force. The GDPR affects all businesses who communicate with consumers in the 28 countries of the EU.


The collection and processing of personal data is a fundamental characteristic of the hospitality sector. It is therefore crucial that organisations in this industry comply with the new data protection law, particularly as hefty fines will be issued for breaches of the new legislation.


And bear in mind… your guests and customers will have increased rights, including the right to know what personal data is being stored. They will also have to consent to this data being processed.


So… what can you do to ensure that your business meets the required standard? Here are a few suggestions:


  • Keep privacy policies, procedures and documentation up-to-date. Carefully document and manage what personal data you hold and how it is shared
  • Store all personal data securely. Individuals have increased rights, and you must check your procedures for storing, processing and deleting personal data
  • Provide a privacy policy on your website
  • Always ensure that customers consent to direct marketing and always provide an opportunity to opt-out
  • Make sure that you have the correct procedures in place to deal with a personal data breach – including how it would be detected, reported and investigated


GDPR will improve the existing rights of individuals with regards to personal data. Businesses will be accountable for their use of personal data and must be ready with an effective data governance programme in place. You can read the full guide MailChimp released to help us prepare, here.

You can read the full guide MailChimp created to help us prepare, here.